366 matches found
CVE-2026-25940
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user ca...
MAL-2026-837 Malicious code in notification-saved-search-settings-podlet (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2059b78866965dce7f68bf358485c0f98eeb6c9befcf4455115c5d8623013e7f The package notification-saved-search-settings-podlet was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in test-on-other-again (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c2b4e18e26bfe221e4ebcdaa18a271ea746bee1977c35172726fd753a923897 The package test-on-other-again was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in pay-by-bank-dashboard-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20c58f9aa900a5052fd440dd0a9a3e3ecb345fb4fee2be527b5af385485ee224 The package pay-by-bank-dashboard-server was found to contain malicious code. Source: ghsa-malware...
Malicious code in chai-as-executed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39509cc9cca91e97ff74a0dbb0eb902c89e3736a5b96e6412d9334c70b1c315f The package chai-as-executed was found to contain malicious code. Source: ghsa-malware 29af27b0f184fca142866657489c6ea7170b3774985d5293e7136f1ae4f623...
Malicious Package
Overview chai-as-executed is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2026-3268
Malicious code in chai-as-executed npm...
MAL-2026-337 Malicious code in chai-as-executed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39509cc9cca91e97ff74a0dbb0eb902c89e3736a5b96e6412d9334c70b1c315f The package chai-as-executed was found to contain malicious code. Source: ghsa-malware 29af27b0f184fca142866657489c6ea7170b3774985d5293e7136f1ae4f623...
Malicious code in mapkit-example-vanillajs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5930ccf1bb06110abd9daaa0441059f428ee853e926572c4c9416ba959401d53 The package mapkit-example-vanillajs was found to contain malicious code. Source: ghsa-malware...
MAL-2026-249 Malicious code in @flipster/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7959db4a5848d904daa027ec759ca4588e6c033f1df17a82686a3d28d2dd2e9f The package @flipster/utils was found to contain malicious code. Source: ghsa-malware 0490c6f411da9b1fa5efbfd1cad8e7b41ec915751813279fb2a89a0f5e96752...
Malicious code in do-not-install-this-package-002 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dc0f1ed2645f37e4b8df59ccca64288a02f6cc07009489c54565dfc5b0089f19 During installation, the package exfiltrates env variables and data from different process memory to a remote location --- Category: MALICIOUS - The campaign h...
MAL-2026-193 Malicious code in cko-ui-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bd7dceb0840c7e96ac7bbc186b43c5a28941546823b4a13888aad0870a5aaa9 The package cko-ui-toolkit was found to contain malicious code. Source: ghsa-malware 06a8bb4e74769e572fe928f5f3fa63fb6ebda995375148b063d1730c43c4dc06...
MAL-2025-192950 Malicious code in ing-feat-ui-image (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14224c001e46452a2945aa0f8597214b5f82350c3aeddc53076f9759ce948e18 The package ing-feat-ui-image was found to contain malicious code. Source: ghsa-malware...
Malicious code in bettermode-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cea8112bbccd7b047a03169d6591f7ab7f756044a4203b2435152fe708cad5d5 The package bettermode-icons was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-192606 Malicious code in sarumaan_a (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44f1d6e1dae6e429d4b5cffe6573928f3e9f5f816a3676747d786bce3c32d175 The package sarumaana was found to contain malicious code. Source: ossf-package-analysis...
CVE-2025-65592
CVE-2025-65592 affects nopCommerce 4.90.0. The vulnerability is a Cross Site Scripting (XSS) issue in the product management functionality, where malicious payloads entered into the Product Name and Short Description fields are stored in the backend database and then executed when affected pages ...
Malicious code in elf-stats-merry-cookiejar-987 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75fe8df281f1f2fce72e4cebd7dc37b97562bc7ca5bd5e5ac7da9d78d6e22cb1 The package elf-stats-merry-cookiejar-987 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in cbre-flow-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 947d73050012f020f6fdd2335ac7c8602c707fb84fb141fbfdd1e88a30ca3650 The package cbre-flow-common was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-190580 Malicious code in lululemon-b2b-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b05944949ea944b00cec776df6ca73a7d3cdb15f30d578047b75225e8c04cb45 The package lululemon-b2b-utils was found to contain malicious code. Source: ghsa-malware...
Malicious code in captcha-paypal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 358456d344b5a4b2a92cb9b9094bafcf797200b5a0b6549e46175fbbfff70fa4 The package captcha-paypal was found to contain malicious code. Source: ossf-package-analysis...